Skip to Content (custom)


BYOD and Information Governance Challenges

  • Information governance
  • 5 Mins

If you are like most, you probably have 4-5 different chat applications on your phone to talk to friends and family members.  Dad only likes to text via SMS, brother Peter only uses Facebook Messenger, Aunty Bridgette can only seem to navigate WhatsApp and your college roommates have a group chat on WeChat.  Now add in work colleagues, prospecting clients, and a long-standing client who is now a friend.  Today it is common to text with a client, IM with your boss via Snapchat, and post your latest and greatest product on Facebook. 

Yet we are still consistently taken back when a litigation ensues and we have to collect from a vast quantity of chat applications.  And custodians are equally shocked when told they will have to hand over their mobile device for a couple of hours or sometimes days because a forensic team needs to image the device in order to capture any and all possible locations for relevant data.

When we start mixing business with pleasure and co-use chat applications, we lose the ability to separate our communication within those programs. Regardless of whether your company has a bring your own device (BYOD) policy or provides you with a mobile phone or laptop, if the communication is relevant and unique, it is potentially discoverable.  Unfortunately, if you do combine communication within the same chat application to perform business functions, you would need to relinquish all those maybe not so appropriate messages from your college roommate as well. 

Things to remember:

Always keep business and personal communication separate!

  • Regardless of whether you have a BYOD or company provided device, keep business discussions to business applications like Skype for Business, Link, Slack, or Bloomberg. Collection from an enterprise level chat application is performed at the server level, so personal device collection would not be necessary, and therefore no need to relinquish your phone.
  • Over collection costs money!  Having clear lines of communication or putting company policies in place to restrict certain chat application usage will only help limit those potential over collection scenarios.

Data ownership

  • For chat applications like Facebook Messenger, WeChat, or WhatsApp that data is only temporarily stored on your mobile device.  All chat history (along with a lot of other data) is stored in their cloud.  Ultimately, collecting that data is much more complicated, as the ability to collect from devices and applications is ever changing.  The big tech companies have stated they will give the user the ability to access the data, but have not provided the same clear definition of ownership as our EU counterparts.

Data security and accessibility

  • If you are discussing, sharing, or attaching company or client private and/or confidential information, you may be breaching your organization’s information and security policies. 
  • Some company information and security policies restrict any company data from being stored or transferred into or through an unknown or un-audited “cloud” storage.  For instance, some corporate policies require that data must be stored on encrypted and segregated storage that is heavily monitored and maintained.  If you are using a chat application where that information is stored within the application owners’ cloud, you would be in breach of this policy.

Hackers are everywhere! 

  • We tend to worry about hackers on a personal level more than from a business perspective.  Most of the media focuses on your bank account information or social security number being leaked.  For main stream chat applications, all that is required to get into the account is a user name and password.  In 2014, hackers were able to access celebrity iCloud accounts and gain access to very private pictures.  All they needed was the username, password, and security questions for those accounts.  What if a hacker gained access to your Facebook account and downloaded all of your Facebook Messenger data, which just so happened to have several confidential documents sent to your colleague?

Communication is extremely complex. There are roughly 6,500 spoken languages around the world, and it feels like that many available chat applications out there on the market to match.  As our society becomes more and more dependent on the use of mobile technology to communicate in both our personal and professional lives, as citizens and dutiful employees, we must be mindful when typing or swiping away.


The contents of this article are intended to convey general information only and not to provide legal advice or opinions.

Subscribe to Future Blog Posts

Learn more about Epiq's Service offerings
Our Services